
4560 matches found

IBM Security Bulletins
added 2025/04/29 2:11 a.m., 18 views

Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-29834

Summary: Process Center Console in IBM Business Process Manager and IBM Business Automation Workflow is vulnerable to a Cross-Site Scripting attack. Vulnerability Details: CVEID: CVE-2021-29834. DESCRIPTION: IBM Business Automation Workflow and IBM Business Process Manager is vulnerable to stored...

6.4 CVSS, 5.2 AI score, 0.0048 EPSS
Exploits: 0, Affected Software: 4
Citrix
added 2025/04/28 12:0 a.m., 12 views

Citrix DaaS - Google Cloud Project (GCP) - Unable to create Machine Catalog Error

Step 1: image-export-ext: 2025-04-23T07:04:13Z Error running workflow: step "export-disk" run error: step "wait-for-inst-export-disk" run error: WaitForInstancesSignal FailureMatch found for "inst-export-disk-image-export-ext-export-disk-9sv20": "ExportFailed: Failed to copy disk size...

7.1 AI score
Exploits: 0
Packet Storm News
added 2025/04/28 12:0 a.m., 3 views

Metadata-Private Messaging without Coordination

For those seeking end-to-end private communication free from pervasive metadata tracking and censorship, the Tor network has been the de-facto choice in practice, despite its susceptibility to traffic analysis attacks. Recently, numerous metadata-private messaging proposals have emerged with the...

6.9 AI score
Exploits: 0
RedhatCVE
added 2025/04/27 12:1 a.m., 11 views

CVE-2025-46616

Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution RCE via upload of a file. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage...

9.9 CVSS, 7.7 AI score, 0.00602 EPSS
Exploits: 0, References: 1
NVD
added 2025/04/25 7:15 a.m., 17 views

CVE-2025-46616

Quantum StorNext Web GUI API before 7.2.4 allows potential Arbitrary Remote Code Execution RCE via upload of a file. This affects StorNext RYO before 7.2.4, StorNext Xcellis Workflow Director before 7.2.4, and ActiveScale Cold Storage...

9.9 CVSS, 0.00602 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/04/21 8:45 p.m., 12 views

CVE-2025-32958 Adept exposed the GITHUB_TOKEN in workflow run artifact

Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file...

9.8 CVSS, 7.2 AI score, 0.00483 EPSS
Exploits: 0, References: 2
CVE
added 2025/04/21 8:45 p.m., 69 views

CVE-2025-32958

Adept (prior to commit a1a41b7) exposed the GITHUB_TOKEN via the mac-standalone artifact created by remoteBuild.yml using actions/upload-artifact@v4. The artifact was a zip of the current directory that included the generated .git/config containing the run’s token, enabling an attacker to extract...

9.8 CVSS, 9.6 AI score, 0.00483 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/04/21 12:0 a.m., 2 views

Adept Information Disclosure Vulnerability

Adept is a programming language open-sourced by AdeptLanguage. An information disclosure vulnerability exists in Adept versions prior to commit a1a41b7, which stems from the remoteBuild.yml workflow file potentially disclosing GITHUB_TOKEN, which could lead to the push of malicious code...

9.8 CVSS, 6 AI score, 0.00483 EPSS
Exploits: 0, References: 2
NVD
added 2025/04/18 9:15 p.m., 34 views

CVE-2025-32953

z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the makefile-ubuntu.yml workflow file uses actions/upload-artifact@v4 to upload the z80pack-ubuntu artifact. This artifact is a zip of the current directory, which includes the automatically...

8.7 CVSS, 0.00442 EPSS
Exploits: 0, References: 5
CNNVD
added 2025/04/18 12:0 a.m., 4 views

z80pack Information Disclosure Vulnerability

z80pack is a Zilog Z80 and Intel 8080 system emulator by the individual developer Udo Munk. An information disclosure vulnerability exists in z80pack version 1.38 and earlier, which stems from the makefile-ubuntu.yml workflow file potentially disclosing GITHUB_TOKEN...

8.7 CVSS, 6.1 AI score, 0.00442 EPSS
Exploits: 0, References: 5
OSV
added 2025/04/17 6:31 p.m., 1 views

GHSA-X8PM-WRG2-MQMX OpenMetadata SQL Injection

OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query...

7.1 CVSS, 5.9 AI score, 0.00501 EPSS
Exploits: 1, References: 6
CNNVD
added 2025/04/17 12:0 a.m., 4 views

OpenMetadata Security Vulnerability

OpenMetadata is an open-source unified platform for discovery, observability and governance, powered by a central metadata repository, in-depth lineage and seamless team collaboration. A security vulnerability exists in OpenMetadata 1.4.1 and earlier versions that stems from a SQL injection...

8.8 CVSS, 7.6 AI score, 0.00501 EPSS
Exploits: 1, References: 3
NVD
added 2025/04/15 8:15 p.m., 44 views

CVE-2025-32445

Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor...

9.9 CVSS, 0.00671 EPSS
Exploits: 0, References: 2
CVE
added 2025/04/15 7:22 p.m., 303 views

CVE-2025-32445

CVE-2025-32445 is tied to Argo Events. A user with permission to create/modify EventSource and Sensor CRs can cause the orchestrated pod to run with elevated/privileged capabilities by manipulating fields in spec.template and spec.template.container (including command, args, securityContext, volu...

9.9 CVSS, 9.4 AI score, 0.00671 EPSS
Exploits: 0, References: 2
OSV
added 2025/04/15 7:22 p.m., 17 views

CVE-2025-32445 Users can gain privileged access to the host system and cluster with EventSource and Sensor CR

Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor...

9.9 CVSS, 4.3 AI score, 0.00671 EPSS
Exploits: 0, References: 4
OSV
added 2025/04/11 10:57 a.m., 2 views

SUSE-SU-2025:20184-1 Security update for elemental-operator

This update for elemental-operator fixes the following issues: - Updated to version 1.6.8: Deactivated e2e workflow Updated header year CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs bsc1238700 CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the...

7.5 CVSS, 6.7 AI score, 0.00868 EPSS
Exploits: 2, References: 5
SUSE Linux
added 2025/04/11 10:56 a.m., 2 views

Security update for elemental-operator

This update for elemental-operator fixes the following issues: Updated to version 1.6.8: Deactivated e2e workflow Updated header year CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs bsc1238700 CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the K...

8.2 CVSS, 7.4 AI score, 0.00868 EPSS
Exploits: 2, References: 8
OSV
added 2025/04/09 5:4 p.m., 3 views

DRUPAL-CONTRIB-2025-030

This module enables you to translate nodes, configuration, UI strings automatically. The module doesn't sufficiently validate the incoming API response when using eTranslation integration, which has an asynchronous workflow. Specially crafted requests could overwrite entities and translations of...

6.5 CVSS, 6.9 AI score, 0.0039 EPSS
Exploits: 0, References: 1
Drupal
added 2025/04/09 12:0 a.m., 10 views

WEB-T - Moderately critical - Access bypass, Denial of service - SA-CONTRIB-2025-030

This module enables you to translate nodes, configuration, UI strings automatically. The module doesn't sufficiently validate the incoming API response when using eTranslation integration, which has an asynchronous workflow. Specially crafted requests could overwrite entities and translations of...

6.5 CVSS, 5.7 AI score, 0.0039 EPSS
Exploits: 0, References: 2
AlpineLinux
added 2025/04/04 7:15 a.m., 5 views

CVE-2025-32111

The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout...

8.7 CVSS, 7.3 AI score, 0.00355 EPSS
Exploits: 0, References: 3